WLC Session Timeout

Unanswered Question
Jul 5th, 2007

Is there a more granular way of enforcing Session Timeout for users on the WLC?

When I use Cisco BBSM with my radius server, the session-timeout value is honored and I could set time of day restrictions within Radius for myt Guest users.

However, with the WLC, it ignores these radius session-timeout values and only uses it own WLAN Session Timeout value.

I don't want Guests to re-authenticate (via Web Authentication) during the day based on the WLAN Session Timeout value. Imagine if I set it to timeout after 8 hours (a normal working day), but that user logged in at 4.49pm.

Anyone got any pointers please?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bwilmoth Wed, 07/11/2007 - 13:10

The RADIUS attribute 27 is used in order to configure the session-timeout values. This works only for controller timeout . But you can also try for client timeouts. order to set this, choose user/group setup > Edit Settings > Radius[5842\001], and type the session timeout value in the Cisco-Aironet-Session-Timeout box. If this attribute is not listed under user/group setup, choose Interface config > Radius (IETF), and check the attribute [027] Session-Timeout for user/group.

jmmerritt Thu, 07/12/2007 - 01:48

I had configured my Radius server to send session-timeout values, however, they were not being honoured.

After rechecking the AAA debug trace, I realised that the "AllowRadiusOverride is FALSE" error was my sticking point.

After enabling AAA Overide on the WLAN security, my session-timeout values worked!

Thanks!

jmmerritt Mon, 07/23/2007 - 03:21

I saw the "AllowRadiusOverride is FALSE" message when I had debug aaa all enabled.

To enable AAA overide from a controller, select "Allow AAA Overide" from the Advanced Tab on WLAN edit.

Actions

This Discussion

 

 

Trending Topics - Security & Network